Wireless Security

Wireless Security Standards

WPA is the replacement for the vulnerable WEP wireless security standard.
WPA uses the RC4 cipher with the Temporal Key Integrity Protocol (TKIP) for data encryption.
WPA also uses a 128-bit key for data encryption.

Uses a secret key with the Initialization Vector (IV).
Encrypts each packet with a unique key.
Provides a 48-bit Checksum.
A benefit of using TKIP is the protocol inserts a sequence counter on each message to prevent a hacker from performing a replay attack on the wireless network.

Currently used on most wireless networks today.
Uses the Advanced Encryption Standard (AES) algorithm for data encryption.
WPA2 also uses the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP).

This is actual a framework which handles authentication between systems across a network.
It is commonly implemented on IEEE 802.11 wireless networks.
EAP-FAST - EAP Flexible Authentication via Secure Tunneling.
EAP-TLS - EAP Transport Layer Security.
EAP-TTLS - EAP Tunnel Transport Layer Security
LEAP - Lightweight EAP
PEAP - Protected EAP

This is a type of EAP.
EAP Flexible Authentication via Secure Tunneling
This version of EAP was developed by Cisco as a replacement for the Lightweight EAP (LEAP) version which was used in WEP.

Protected EAP
This version of EAP encapsulated EAP messages inside a Transport Layer Security (TLS) tunnel.

This allows more than one organization to share a single RADIUS server for authentication.
Someone from one organization can authenticate to a network owned by another organization using their same credentials.

Allows you to configure a password or passphrase to access the wireless network
With PSK, all authorized users will know and share the same key for the network.

This options allows the wireless router or Access Point to act as an Authenticator to an Authentication Server.
Each user credentials are stored on the Authentication Server.
The Authentication Server can be either RADIUS or TACACS+.

Eliminates the need for a passphrase on network.
Provides an easy way to authenticate to a wireless network.
Uses an 8 digit pin to access the network.
Contains a known security vulnerability which allows an attack to retrieve the WPS Pin.

MAC filtering - Filtering permitted and denied list of MAC addresses.
Antenna placement - The placement and direction of the antennas can affect the direction and area of the wireless signal.
Power levels - The power level on the antennas can affect the signal.
Wireless client isolation - Allows you to isolate a client on a wireless network.
Guest network isolation - Creates an isolated network which allows guests to access strictly only the internet and not the internal resources.
Geofencing - Allows users to access resources when they are within a specific geo-location.
Preshared keys (PSKs)
EAP
Captive portal

Back

Page updated

Google Sites

Report abuse